Hi, for a few days now, I have been receiving a lot of spam, all coming from email addresses with the TLD .xyz. Is it possible to add a blacklisting rule to block all emails with a domain name ending in .xyz (or any other TLD)? I am sending the htf report I generated a few minutes ago. Thank you very much.
Does this work for you? https://www.howtoforge.com/community/threads/rejecting-mail.72112/#post-339457
Hello, first please excuse my late answer, I am travelling right now with very limited internet connection: I tried to do what is written in the link you posted and for now it seems to work. Thank you very much!!!
Another option: recent SpamAssassin (v3.4.1 or newer) provides a list of new gTLDs coming out that are being used for spam, so you don't have to track/maintain it, just run sa-update. There are pros and cons to each approach (e.g. blocking in Postfix saves system resources).
Thank you! I have spamassassin v3.4.0 installed with the ispconfig Perfect Server tutorial. As the updates are done automatically, I am not sure if I can update SA manually, could it break the system?
Hmmmm, can't you just use ISPC's Postfix Blacklist feature with type "Sender"? Not sure how the blacklist address entry should be for the gTLD.
Thank you! I actually run the command /usr/bin/sa-update but I didn't think to restart amavisd. I did it now, I hope this does the trick! Thank you.
Ok, I have now tested how to do it in ISPC directly. I was wrong about the Sender Blacklist, since that seems to require a second-level domain, e.g. domain.tld. However, the content filter works fine.
1. Log into ISPC
2. Go to the Email tab
3. On the left, under Global Filters, select the "Content Filter"
4. Press "Add new Content Filter"
5. Make sure that it uses "Header Filter"
6. In the Regexp Pattern input enter for example:
Code:
/<.+?@.+?\.xyz>/
7. In the Data input box you can enter some message. I use something like: "No .xyz mail allowed here"
8. For the Action use "Reject" or "Discard"
9. Save
Basically what you do here is filter email headers for a specific string. In this case you look whether ".xyz>" appears somewhere in the header. I would include the closing bracket ">" as it usually shows the end of the email address. Hence the xyz is the TLD, separated from the second-level domain by the ".".
The message in the Data input box will be logged in your mail.log file - hence I like to give it some meaningful text in case someone complains about not having received the email, and you can then figure out quickly which filter was applied and correct the situation.
Also, if you select "Reject" then the mail will bounce back to the sender with the corresponding information that you set in the Data input box. If you select "Discard", then Postfix will just silently delete the mail.
I'll need to update my email tool to submit gTLDs to the blacklist also.
I'm currently updating my little helper tool. I have several servers and I want to apply spam filter and stuff on them all. So I made a little helper script with PHP, since I run on my notebook apache/php, that will allow me to easily add stuff to the filters.
Addon: Updated my little php script: https://www.howtoforge.com/communit...ostfix-blacklisting-and-content-filter.71122/
Something like /<.+@.+\.xyz>/ might help a small bit with false positives. Offhand, does your script set a timestamp when an entry was added or should be expired, sjau?
Good catch about the @.
Nah, my script just runs locally and uses the API to add stuff to ISPC. By default, the global mail filters do not have an expiration date. However, I think you could use the "data" field to add a timestamp and then regularly run a script to purge instead.
Just today, I started getting spam from .bid TLD:
Code:
tail -f /var/log/mail.log | grep TLD
Mar 1 09:50:41 manager postfix/cleanup[19833]: 6CDE19E643B2: reject: header Received: by server.cegyb.bid id hqlbu2000dso for <[email protected]>; Mon, 29 Feb 2016 20:57:04 -0500 (envelope-from <[email protected]>) from server.cegyb.bid[37.139.22.244]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<server.cegyb.bid>: 5.7.1 Spam not tolerated here - header - bid (TLD)
Mar 1 09:50:41 manager postfix/cleanup[19833]: 814739E643B2: reject: header Received: by server.cegyb.bid id hqlbu2000dso for <[email protected]>; Mon, 29 Feb 2016 20:57:41 -0500 (envelope-from <[email protected]>) from server.cegyb.bid[37.139.22.244]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<server.cegyb.bid>: 5.7.1 Spam not tolerated here - header - bid (TLD)
Mar 1 09:50:41 manager postfix/cleanup[19833]: 900D49E643B2: reject: header Received: by server.cegyb.bid id hqlbu2000dso for <[email protected]>; Mon, 29 Feb 2016 22:08:16 -0500 (envelope-from <[email protected]>) from server.cegyb.bid[37.139.22.244]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<server.cegyb.bid>: 5.7.1 Spam not tolerated here - header - bid (TLD)
Mar 1 09:50:41 manager postfix/cleanup[19833]: 9D7649E643B2: reject: header Received: by server.cegyb.bid id hqlbu2000dso for <[email protected]>; Mon, 29 Feb 2016 22:09:39 -0500 (envelope-from <[email protected]>) from server.cegyb.bid[37.139.22.244]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<server.cegyb.bid>: 5.7.1 Spam not tolerated here - header - bid (TLD)
Hello all, first: I'm sorry, but my English is really bad. I do not quite understand exactly the parameters defined in this post. I need to block the domain "@xxxxxx.xxx" and I used the header filter "/<.+?@.+?\xxxxxx.xxx>/" but it is not working for me. Can someone explain to me the use of each of the parameters of the string "/<.+?@.+?\.xyz>/" or else show me an example of use for this particular case?
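An added example, not part of the original thread: it annotates each part of the header pattern from the content-filter post, as asked in the last post, and runs it against constructed header lines to show which headers it acts on. Python's `re` stands in for the Postfix header filter here (an assumption); `domain_pattern`, `from_only_tld_pattern`, the domain `offers.xyz` and the sample headers are hypothetical.

```python
import re

# Pattern from the thread. Postfix regexp/pcre tables match case-insensitively
# by default, so IGNORECASE mirrors that here.
#   <      literal "<" that opens an address
#   .+?    one or more of any character, as few as possible (local part)
#   @      literal "@"
#   .+?    one or more of any character, as few as possible (domain labels)
#   \.xyz  literal ".xyz"; the backslash makes the dot literal
#   >      literal ">" that closes the address
THREAD_PATTERN = re.compile(r"<.+?@.+?\.xyz>", re.IGNORECASE)


def domain_pattern(domain: str) -> re.Pattern:
    """Hypothetical helper: match <user@domain> or <user@sub.domain> only."""
    # re.escape() puts the backslash directly before each dot of the domain.
    return re.compile(
        r"<[^<>@\s]+@(?:[^<>@\s]+\.)?" + re.escape(domain) + ">",
        re.IGNORECASE,
    )


def from_only_tld_pattern(tld: str) -> re.Pattern:
    """Hypothetical stricter variant: only a From: header, single address."""
    return re.compile(
        r"^From:.*<[^<>@\s]+@[^<>@\s]+\." + re.escape(tld) + ">",
        re.IGNORECASE,
    )


# Constructed header lines (not taken from real mail).
HEADERS = [
    "From: Promo <deals@offers.xyz>",
    "From: Alice <alice@example.com>",
    "To: <bob@example.org>, <carol@partner.xyz>",    # legitimate .xyz recipient
    "Message-ID: <20160301.1234@mail.example.XYZ>",  # upper-case TLD
    "From: Eve <eve@notoffers.xyz>",
]


def matching(pattern: re.Pattern) -> list:
    """Return the constructed headers a header filter would act on."""
    return [h for h in HEADERS if pattern.search(h)]


if __name__ == "__main__":
    for name, pat in [("thread", THREAD_PATTERN),
                      ("From-only", from_only_tld_pattern("xyz")),
                      ("one domain", domain_pattern("offers.xyz"))]:
        print(name, "->", matching(pat))
```

The thread's pattern also fires on the To: and Message-ID: lines, so mail that merely carries a .xyz address in another header is caught as well; anchoring to From: narrows that.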